Shamoon[a] (Persian: شمعون), also known as W32.DistTrack,[1] is a modular computer virus that was discovered in 2012, targeting then-recent 32-bit NT kernel versions of Microsoft Windows. The virus was notable due to the destructive nature of the attack and the cost of recovery. Shamoon can spread from an infected machine to other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally, the virus overwrites the master boot record of the infected computer, making it unusable.[2][3]
The virus was used for cyberwarfare[4] against national oil companies including Saudi Arabia's Saudi Aramco and Qatar's RasGas.[5][2][6] A group named "Cutting Sword of Justice" claimed responsibility for an attack on 30,000 Saudi Aramco workstations, causing the company to spend more than a week restoring its services.[7] The group later indicated that the Shamoon virus had been used in the attack.[8] Computer systems at RasGas were also knocked offline by an unidentified computer virus, with some security experts attributing the damage to Shamoon.[9] It was later described as the "biggest hack in history".[3]
Symantec, Kaspersky Lab,[10] and Seculert announced discovery of the malware on 16 August 2012.[2][11] Kaspersky Lab and Seculert found similarities between Shamoon and the Flame malware.[10][11] Shamoon made a surprise comeback in November 2016,[12] January 2017,[13] and December 2018.[14]